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What Is Claimed Is: 

1. method for dynamically creating security keys for a subscriber having at least 

one preexisting! security credential set having at least one pre-existing cryptographic 
security key, comph^mg the steps of: 

providing^GQnfigurable security key manifest operative to contain a non- 
prespecified number of securityltej^s; and 

dynamically controlling>ttjrough a configured security key manifest, the 
generation of at least one new securit^k^y for a subscriber based on the received 
key attribute data contained in the configurect^curity key manifest. 



2. Tte method of claim 1 including the step of generating a tfew public key pair for 
15 the subscriber based on content of the configurable security key manifest. 
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3. The methocNyf claim 1 including the step of receiving data representing desired 
new key attribute data ftv presenting a configurable security key manifest template and 
receiving new key attribute>4ata through the configurable security key manifest template. 

4. The method of claim 1 whefr^in the step of providing the configurable security 
key manifest operative to contain a nonvprespecified number of security keys includes 
storing a configured security key manifest K^r push based or pull based access by the 
subscriber. 

5. The method of claim 1 wherein the configured^fcecurity key manifest includes 
updated data representing at least one of: key size, key usa^key maintenance attributes, 
cryptographic algorithm used, subscriber identification data anch^uthentication data. 
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ci. The method of claim 1 including the steps of: 

\ generating an updated security key manifest as the configured security key 
manifest to contain data representing at least one of: key size, key usage, key 
maintenance attributes, cryptographic algorithm used, subscriber identification data and 
5 authentication data, for the at least one subscriber; and 

comparing the updated security key manifest to the pre-existing credential set 
containing at le&st one pre-existing cryptographic security key; and 

updating me pre-existing credential set based on the comparison. 

10 7. The method ol\claim 6 wherein the step of updating the pre-existing credential set 
includes the step of generating a new public key pair for the subscriber based on content 
of the configurable securiw key manifest. 

8. The method of claim 1 including the steps of: 

1 5 generating at leastWe new key pair in response to content of the 

configured security key manifest; 

continuously analyzinathe configured security key manifest content, prior 

to using a security key pair to determine the suitable security keys necessary for a 

given operation. \ 
20 \ 

9. The method of claim 1 including the stbps of: 

digitally signing the configured security key manifest by a trusted key 
manifest generator; \ 

receiving the digitally signed configured security key manifest; 
25 obtaining the pre-existing credential set; and 

prior to analyzing content of the configured security key manifest, 
verifying the digital signature of the digitally signed configured security key 
manifest. \ 

30 10. The method of claim 6 wherein the step of comparing mcludeS\4etermining a 

difference in security key information between the updated security key Vanifest and the 
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pre-existing cryptographic security key. 

1 1 . Thef^ethod of claim 1 wherein the security key is a key pair and wherein the step 
5 of dynamically controlling the generation of the at least one security key includes 

dynamically controlling the number of key pairs for a subscriber in response to content of 
the configured securitwey manifest. 

12. The method of claim (^wherein the step of updating the pre-existing credential set 
10 includes generating digitally signed data structures corresponding to at least one of a 

newly generated public key pair. \ 

13. The method of claim 1 wherein the afcsteast one new security key is a symmetric 
key. \ 

15 \. 

14. The method of claim 3 wherein the data represehting desired new key attribute 
data includes data representing at least one of : key size, keWsage, key maintenance 
attributes, cryptographic algorithm used, subscriber identification data, authentication 
data. \^ 

20 \ 
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A method for dynamically creating security keys for a subscriber having at least 
on^preexisting security credential set having at least one pre-existing cryptographic 
securit^key, comprising the steps of: 

providing a configurable security key manifest (table) operative to contain 
a non-prespecffied number of security keys; 

recfejving, in response to providing the configurable security key manifest, 
data representing desked new key attribute data by presenting a configurable security key 
manifest template and reviving new key attribute data through the configurable security 
key manifest template; ^ ^ 

dynamically controlling, through a configured security key manifest, the 
generation of at least one new secim^y key for a subscriber based on the received key 
attribute data, wherein the configured security key manifest is an updated security key 
manifest containing data representing at le^st one of: key size, key usage, key 
maintenance attributes, cryptographic algorithm used, subscriber identification data and 
authentication data; 

comparing, by the subscriber, the updated security key manifest to the pre- 
existing credential set containing at least one of: key sifce data, cryptographic algorithm 
designation data, key attribute data and key usage data for^vand 

updating, by the subscriber, the pre-existing credential set based on the 
comparison by generating at least one new key for the subscriber^ased on content of the 
configurable security key manifest. 




16. Ttteanethod of claim 15 wherein the step of providing the configurable security 
key manifest op^tive to contain a non-prespecified number of security keys includes 
storing the configurea&Qjirity key manifest for push based or pull based access by the 
subscriber. 
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17. The method of claim 16 wherein the step of updating the pre-existing credential 
set includes the step of generating a new public key pair for the subscriber based on 
content of the configurable security key manifest. 
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18. t^e method of claim 1 5 including the steps of: 

generating at least one new key pair in response to content of the 
configured security key manifest; and 

mtinuously analyzing the configured security key manifest content, prior 
to using aVecurity key pair to determine the suitable security keys necessary for a 
given operation. 



19. The method of olaim 1 5 including the steps of: 

digitally sifening the configured security key manifest by a trusted key 
manifest generator; 

1 5 receiving, by thg subscriber, the digitally signed configured security key 

manifest; 

obtaining, by the siibscriber, the pre-existing credential set; and 
prior to analyzing content of the configured security key manifest, 
verifying, by the subscriber, theViigital signature of the digitally signed 
20 configured security key manifest. 
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20. The method of claim 15 wherein the st^p of comparing includes determining a 
difference in security key information between t\e updated security key manifest and the 
pre-existing key data. 



21 . The method of claim 1 5 wherein the security keVis a key pair and wherein the 
step of dynamically controlling the generation of the at least one security key includes 
dynamically controlling the number of key pairs for a subscriber in response to content of 
30 the configured security key manifest. 
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The method of claim 15 wherein the step of updating the pre-existing credential 
set in^des generating digitally signed data structures corresponding to at least one of a 
newly gen^ted public key pair. 

23. The method oibl^im 15 wherein the at least one new security key is a symmetric 
key. 
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24. The method of claim 15 wherein fltesdata representing desired new key attribute 
data includes data representing at least one of : k^^ize, key usage, key maintenance 
attributes, cryptographic algorithm used, subscriber identification data, authentication 
data. 
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15. An apparatus for facilitating dynamic creation of security keys for a subscriber 
hairing at least one preexisting security credential set having at least one pre-existing 
cryptographic security key, comprising: 

at least one security key manifest analyzer operative to receive the at least 
one preexfcrting security credential set and operative to process a configured security key 
manifest; anc 

least one security credential set generator operative to dynamically 
generate, from tnk configured security key manifest, at least one new security key for a 
subscriber based on\eceived key attribute data contained in the configured security key 
manifest. 
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26. The apparatus of claftn 25 including a cryptographic key generator operative to 
generate a new public key pair tpr the subscriber based on content of the configured 
security key manifest. 

27. The apparatus of claim 25 wherein the security key manifest analyzer compares 
an updated security key manifest to the pre-existing credential set containing at least one 
pre-existing cryptographic security key; anoWherein the at least one security credential 
set generator facilitates updating of the pre-exft^ing credential set based on the 
comparison. 
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28. The apparatus of 27 wherein the at least one security credential set generator 
generates a new public key pair for the subscriber based\n content of the configured 
security key manifest. 

29. The apparatus of claim 25 wherein the security key analyzer continuously 
analyzes the configured security key manifest content and whereiiMie key manifest 
analyzer is used to determine the suitable security keys necessary fona given operation. 



30 30. The apparatus of claim 25 wherein the security key manifest analyzer receives the 
digitally signed configured security key manifest, obtains the pre-existing credential set; 
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id prior to analyzing content of the configured security key manifest, verifying the 
digital signature of the digitally signed configured security key manifest. 
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3 1 . MTie apparatus of claim 30 wherein the key manifest analyzer determines a 
difference^ security key information between the updated security key manifest and the 
pre-existing $ey data. 

32. The apparatus of claim 25 wherein the security key is a key pair and wherein the 
security credential generator generates a number of key pairs for a subscriber in response 
to content of the configured security key manifest. 
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33. The apparatus of clainr£7 wherein the step of 

updating the pre-existing credential set includes generating digitally signed data 
structures corresponding to at least one of a newly generated public key pair. 



34. The apparatus of claim 25 wherei^the at least one new security key is a 

m symmetric key. 

C3 20 35. The apparatus of claim 25 wherein the da&r representing desired new key attribute 

Lb I \ 

Fy data includes data representing at least one of : key size, key usage, key maintenance 

* M attributes, cryptographic algorithm used, subscriber identification data, authentication 

■„Q data. 
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$6. An apparatus for facilitating dynamic creation of security keys for a subscriber 
having at least one preexisting security credential set having at least one pre-existing 
cryptographic security key, comprising: 

least one key manifest generator that provides the configurable security key 
manifest operative to contain a non-prespecified number of security keys, 
wherein the keV manifest generator receives data representing desired new key attribute 
data by presenting^ configurable security key manifest template and receiving new key 
attribute data througnthe configurable security key manifest template. 



10 37. The apparatus of claiiw36 including storage operative for storing a configured 
security key manifest for push basi&d or pull based access by the subscriber. 
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38. The apparatus of claim 36 whereinShe configured security key manifest includes 
updated data representing at least one of: key\ze, key usage, key maintenance attributes, 
cryptographic algorithm used, subscriber identification data and authentication data. 



39. The app^atus^f€laiai^6jnc^ing a trusted key ] 
respdtoive to digitally sign the configured secuntylce) 



lifest generator operatively 



40. The^&pparatus of claim 36 including at least one security key manifest analyzer 
operative to recb^ye the at least one preexisting security credential set and operative to 
process a configureiksecurity key manifest; and 

at least ohe security credential set generator operative to dynamically 
generate, from the configured security key manifest, at least one new security key for a 
subscriber based on received ke^ttribute data contained in the configured security key 
manifest. 
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41 . The apparatus of claim 40 including ^cryptographic key generator operative to 
generate a new public key pair for the subscribert^ased on content of the configured 
security key manifest. 
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The apparatus of claim 40 wherein the security key manifest analyzer compares 
an uptte^ed security key manifest to the pre-existing credential set containing at least one 
pre-existmg s q-yptographic security key; and wherein the at least one security credential 
set generator facilitates updating of the pre-existing credential set based on the 
comparison. 



43. The apparatus of 42 wherefrvtfie at least one security credential set generator 
generates a new public key pair for the sifla^criber based on content of the configured 
security key manifest. 
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A method for dynamically creating security keys for a subscriber comprising the 



stepaof: 



providing a configurable security key manifest operative to contain a non- 
-specified number of security keys; and 

dynamically controlling, through a configured security key manifest, 
initial generation of at least one security key for the subscriber, based on received 
key attribute data contained in the configured secured key manifest. 



10 45 . The method of claim 44 including the step of generating a new public key pair for 
the subscriber based on content of the configurable security key manifest. 
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46. The method of claim 44 "including the step of receiving data representing desired 
new key attribute data by presentinka configurable security key manifest template and 
receiving new key attribute data through the configurable security key manifest template. 
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47. The method of claim 44 wherein the step of providing the configurable security 
key manifest operative to contain a non-prespecified number of security keys includes 
storing a configured security key manifest for pusft^ased or pull based access by the 
subscriber. 
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48. The method of claim 44 wherein the configured security key manifest includes 
updated data representing at least one of: key size, key usage,\ey maintenance attributes, 
cryptographic algorithm used, subscriber identification data and Authentication data. 
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